Keycloak-server: keycloak: improper access control in admin rest api leads...

2.7 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Description

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.

Basic Information

ID CVE-2025-14083

Source redhat

Published Jan 21, 2026 at 12:04

Affected Product

Vendor Red Hat

Product Red Hat Build of Keycloak

CWE Classification

CWE-284

References

{
    "lastseen": "",
    "description": "A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.",
    "published": "2026-01-21T12:04:12.641Z",
    "modified": "2026-01-21T12:04:12.641Z",
    "type": "cve",
    "title": "Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2025-14083\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2419086",
    "id": "CVE-2025-14083",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 2.7,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Red Hat Build of Keycloak",
    "version": "",
    "vendor": "Red Hat",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure_CVE-2025-14083